
Thread: Howto: set up a mail server in Ubuntu

  1. #471
    Join Date
    Dec 2009
    Location
    Sweden
    Beans
    23
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Howto: set up a mail server in Ubuntu

    gidden2,

    I can send mail from RoundCube (have not tried SquirrelMail), but not from Thunderbird and I see the same in my mail.log and auth.log as you describe.
    May I ask what you have set the parameter "IMAP_CAPABILITY" to in /etc/courier/imapd? Mine is set to:
    Code:
    IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
    /Mats

  2. #472
    Join Date
    Aug 2013
    Beans
    3

    Re: Howto: set up a mail server in Ubuntu

    hi m_gustafsson,

    I added full /etc/courier/imapd to my previous post. In that parameter I have this :
    Code:
    IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

  3. #473
    Join Date
    Dec 2009
    Location
    Sweden
    Beans
    23
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Howto: set up a mail server in Ubuntu

    gidden2,

    I think I got it working on my end now and I can now send emails from both Thunderbird and my iPad via my own server.

    I started out by changing my outgoing server in Thunderbird to the local IP of my mail server and tried different combinations of ports etc. When that was working I switched back to the real domain name of my server and then it just worked. Don't know if you have the same problem as I had, and if the client settings are your problem as well.
    Anyway, I ended up with the following settings in Thunderbird.

    IMAP server
    Port: 993
    Connection security: SSL/TLS
    Authentication method: Normal password

    SMTP server
    Port: 465
    Connection security: SSL/TLS
    Authentication method: Normal password

    I can hardly believe that it is actually working now, after weeks of work, so I guess that it will not work when I wake up tomorrow

    /Mats

  4. #474
    Join Date
    Dec 2011
    Beans
    1

    Re: Howto: set up a mail server in Ubuntu

    Hi there!

    First of all I want to express my thanks and respect to the people who provide such a great source of information and share knowledge. Kudos to flurdy! I have had the setup running perfectly for 2 years.

    Just recently I came across the 8 character limitation due to the encrypt() I guess. Now I want to change to stronger passwords but am not really sure what to do. I tried just to use md5() in the sql to encrypt differently but it does not seem to work in the backend (I see that the password is encrypted differently in the db though).

    Does anyone have some hints for me? I have the super standard setup as per flurdy's guide.

    Thanks a lot!

    David

  5. #475
    Join Date
    Oct 2013
    Beans
    1

    Re: Howto: set up a mail server in Ubuntu

    Thanks for this great tutorial: http://flurdy.com/docs/postfix/
    That was a big help.

    Only two little things I stumbled on when going through it step by step, starting off with the Bitnami Tomcat/MySQL AMI:
    - "sudo adduser clamav amavis": you should not try to create the clamav user before ClamAV is installed, or else the installation of ClamAV will break. So move this one down to the ClamAV procedure.
    - Amavis: "content_filter = amavis:[127.0.0.1]:10024" should be 10025 (or also 10024 in the master.cf)

  6. #476
    Join Date
    Nov 2010
    Beans
    2

    Re: Howto: set up a mail server in Ubuntu

    Thanks for this great tutorial: http://flurdy.com/docs/postfix/
    I really appreciate it.
    I want to ask one question. I configured everything and tested it step by step. When I configured SASL, it was working: I could send and receive mail, and I could log in to my Roundcube webmail too. Then I configured TLS. Now I can't log in to Roundcube using my client user and password. Roundcube says "connection to imap server failed". This is my log file:
    /var/log/mail.log
    email imapd: Connection, ip=[::ffff:192.168.30.30]
    email imapd: LOGOUT, ip=[::ffff:192.168.30.30], rcvd=14, sent=353

  7. #477
    Join Date
    Nov 2010
    Beans
    2

    Re: Howto: set up a mail server in Ubuntu

    Here's my netstat and iptable status
    root@email:~# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:submission *:* LISTEN 1966/master
    tcp 0 0 localhost:spamd *:* LISTEN 1316/spamd.pid
    tcp 0 0 *:http *:* LISTEN 2051/apache2
    tcp 0 0 *:ssmtp *:* LISTEN 1966/master
    tcp 0 0 *:ssh *:* LISTEN 651/sshd
    tcp 0 0 *:smtp *:* LISTEN 1966/master
    tcp 0 0 localhost:10023 *:* LISTEN 1301/postgrey.pid -
    tcp 0 0 localhost:10024 *:* LISTEN 1279/amavisd (maste
    tcp 0 0 localhost:10025 *:* LISTEN 1966/master
    tcp 0 0 localhost:mysql *:* LISTEN 1093/mysqld
    tcp 0 52 192.168.30.30:ssh 192.168.30.31:54957 ESTABLISHED 2087/sshd: test [pr
    tcp6 0 0 [::]:submission [::]:* LISTEN 1966/master
    tcp6 0 0 [::]:imap2 [::]:* LISTEN 1834/couriertcpd
    tcp6 0 0 [::]:ssmtp [::]:* LISTEN 1966/master
    tcp6 0 0 [::]:ssh [::]:* LISTEN 651/sshd
    tcp6 0 0 [::]:smtp [::]:* LISTEN 1966/master
    tcp6 0 0 [::]:imaps [::]:* LISTEN 1862/couriertcpd




    root@email:~# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    dynamic all -- anywhere anywhere ctstate INVALID,NEW
    net2fw all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    Reject all -- anywhere anywhere
    LOG all -- anywhere anywhere LOG level info prefix "Shorewall:INPUT:REJECT:"
    reject all -- anywhere anywhere [goto]

    Chain FORWARD (policy DROP)
    target prot opt source destination
    Reject all -- anywhere anywhere
    LOG all -- anywhere anywhere LOG level info prefix "Shorewall:FORWARD:REJECT:"
    reject all -- anywhere anywhere [goto]

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    fw2net all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    Reject all -- anywhere anywhere
    LOG all -- anywhere anywhere LOG level info prefix "Shorewall:OUTPUT:REJECT:"
    reject all -- anywhere anywhere [goto]

    Chain Broadcast (2 references)
    target prot opt source destination
    DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
    DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
    DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
    DROP all -- anywhere base-address.mcast.net/4

    Chain Drop (1 references)
    target prot opt source destination
    all -- anywhere anywhere
    reject tcp -- anywhere anywhere tcp dpt:auth /* Auth */
    Broadcast all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
    Invalid all -- anywhere anywhere
    DROP udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */
    DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
    DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
    DROP tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
    DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */
    NotSyn tcp -- anywhere anywhere
    DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */

    Chain Invalid (2 references)
    target prot opt source destination
    DROP all -- anywhere anywhere ctstate INVALID

    Chain NotSyn (2 references)
    target prot opt source destination
    DROP tcp -- anywhere anywhere tcpflags:! FIN,SYN,RST,ACK/SYN

    Chain Reject (3 references)
    target prot opt source destination
    all -- anywhere anywhere
    reject tcp -- anywhere anywhere tcp dpt:auth /* Auth */
    Broadcast all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
    Invalid all -- anywhere anywhere
    reject udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */
    reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
    reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
    reject tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
    DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */
    NotSyn tcp -- anywhere anywhere
    DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */

    Chain dynamic (3 references)
    target prot opt source destination

    Chain eth0_fwd (0 references)
    target prot opt source destination
    dynamic all -- anywhere anywhere ctstate INVALID,NEW
    smurfs all -- anywhere anywhere ctstate INVALID,NEW
    tcpflags tcp -- anywhere anywhere

    Chain fw2net (1 references)
    target prot opt source destination
    ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain logdrop (0 references)
    target prot opt source destination
    DROP all -- anywhere anywhere

    Chain logflags (5 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level info ip-options prefix "Shorewall:logflagsROP:"
    DROP all -- anywhere anywhere

    Chain logreject (0 references)
    target prot opt source destination
    reject all -- anywhere anywhere

    Chain net2fw (1 references)
    target prot opt source destination
    dynamic all -- anywhere anywhere ctstate INVALID,NEW
    smurfs all -- anywhere anywhere ctstate INVALID,NEW
    ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
    tcpflags tcp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH */
    ACCEPT icmp -- anywhere anywhere icmp echo-request /* Ping */
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp /* SMTP */
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp /* SMTPS */
    ACCEPT tcp -- anywhere anywhere tcp dpt:submission /* Submission */
    ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 /* IMAP */
    ACCEPT tcp -- anywhere anywhere tcp dpt:imaps /* IMAPS */
    ACCEPT tcp -- anywhere anywhere tcp dpt:http /* Web */
    ACCEPT tcp -- anywhere anywhere tcp dpt:https /* Web */
    Drop all -- anywhere anywhere
    LOG all -- anywhere anywhere LOG level info prefix "Shorewall:net2fwROP:"
    DROP all -- anywhere anywhere

    Chain reject (10 references)
    target prot opt source destination
    DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST
    DROP all -- base-address.mcast.net/4 anywhere
    DROP igmp -- anywhere anywhere
    REJECT tcp -- anywhere anywhere reject-with tcp-reset
    REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
    REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

    Chain shorewall (0 references)
    target prot opt source destination

    Chain smurflog (2 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level info prefix "Shorewall:smurfsROP:"
    DROP all -- anywhere anywhere

    Chain smurfs (2 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0 anywhere
    smurflog all -- anywhere anywhere [goto] ADDRTYPE match src-type BROADCAST
    smurflog all -- base-address.mcast.net/4 anywhere [goto]

    Chain tcpflags (2 references)
    target prot opt source destination
    logflags tcp -- anywhere anywhere [goto] tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
    logflags tcp -- anywhere anywhere [goto] tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
    logflags tcp -- anywhere anywhere [goto] tcpflags: SYN,RST/SYN,RST
    logflags tcp -- anywhere anywhere [goto] tcpflags: FIN,SYN/FIN,SYN
    logflags tcp -- anywhere anywhere [goto] tcp spt:0flags: FIN,SYN,RST,ACK/SYN

  8. #478
    Join Date
    Nov 2013
    Beans
    2

    Re: Howto: set up a mail server in Ubuntu

    Originally posted by m_gustafsson:
    gidden2,

    I think I got it working on my end now and I can now send emails from both Thunderbird and my iPad via my own server.

    I started out by changing my outgoing server in Thunderbird to the local IP of my mail server and tried different combinations of ports etc. When that was working I switched back to the real domain name of my server and then it just worked. Don't know if you have the same problem as I had, and if the client settings are your problem as well.
    Anyway, I ended up with the following settings in Thunderbird.

    IMAP server
    Port: 993
    Connection security: SSL/TLS
    Authentication method: Normal password

    SMTP server
    Port: 465
    Connection security: SSL/TLS
    Authentication method: Normal password

    I can hardly believe that it is actually working now, after weeks of work, so I guess that it will not work when I wake up tomorrow

    /Mats

    I got Thunderbird working with these settings too, but how can I get rid of the "normal password" authentication method? I strictly followed the tutorial and got the impression that it would allow me to use encrypted authentication, like CRAM-MD5, instead of "normal password". Is this assumption correct, or did I misunderstand and "normal password" is the way to go?

    If it should allow the use of encrypted authentication, which parts of the tutorial should I take a closer look at?
    Btw, I added CRAM-MD5 to the imap_capability in /etc/courier/imapd.

    I tried Roundcube, and even here I can only use "LOGIN" as the authentication method. Roundcube detects that CRAM-MD5 should be available (probably because it is enabled in Courier), but using it results in "login failed".

    I even looked in the Courier documentation, and it says that CRAM-MD5 authentication only works with plain passwords in the database. But if I understand correctly what's described in the tutorial, there is a workaround using SASL and PAM. I did what's described in the tutorial, but either I made a mistake or it did not work.

    Can someone help me?

  9. #479
    Join Date
    Jun 2006
    Beans
    Hidden!

    Re: Howto: set up a mail server in Ubuntu

    First, thanks _a lot_ for the guide, I followed it and it worked nearly flawlessly. I only had issues with SASL and Roundcube playing nice together (over TLS), which seems to be the main headache anyways

    Maybe it's because the guide does non-TLS config first and then specifies changes to have a TLS config but since the final configuration states that the smtps/submission listener should restrict to sasl authenticated (logical) and does not allow unauthenticated local webclients by default I had to change a couple of things.

    Of course, I could have just added

    Code:
    permit_mynetworks
    to
    Code:
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
    in /etc/postfix/master.cf for both smtps and submission, but it would not have been as clean.

    Instead, I first changed the submission to launch in chroot, since the guide does not have it chrooted. Plus submission on port 587 is much newer than smtps on port 465 and should be used for Roundcube.

    In /etc/postfix/master.cf use the following line (remove the second 'n' from the guide).
    Code:
    submission inet n       -       -       -       -       smtpd
    Then make sure that in /etc/default/saslauthd you follow the guide (The different path for the socket are described just above in the same file):
    Code:
    OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"
    Then Roundcube needs to be modified in order to use submission on the correct port, and this is the big difference : authenticate itself.

    So in main.inc.php (whatever your location is, if you're using Ubuntu 12.04 LTS and do not want the old 0.7.x version, you can just use a manual installation following Roundcube's own guide and point your webserver to it).
    Code:
    $rcmail_config['smtp_server'] = 'tls://localhost';
    $rcmail_config['smtp_port'] = 587;
    $rcmail_config['smtp_user'] = '%u';
    $rcmail_config['smtp_pass'] = '%p';
    $rcmail_config['smtp_auth_type'] = 'LOGIN';
    - You must use tls:// for port 587 and ssl:// for port 465 since they are different protocols and won't work interchangeably.
    - You must tell Roundcube to give login/pw info to the smtp server, otherwise it will not be authenticated and since you only allow sasl authenticated clients, it will fail.
    - The only method that worked for me was "LOGIN"; using CRAM-MD5 or MD5-DIGEST had the pam authentication fail (I guess maybe because it's stored in the DB as a crypt token derived directly from a plaintext and not from an MD5 digest, but I might be wrong). Even though this is not the most secure login type since it's basically plaintext/base64, it goes through TLS (if you force submission TLS only as described in the guide) and therefore shouldn't be that much of an issue.

    If anyone has a way to get any of the digest method to work, please do reply.

    Also, things to consider that weren't mentioned in the guide:

    - Make sure /etc/pam.d/smtp is empty from anything else than what the guide mentions.

    - You can test SASL with testsaslauthd command such as
    Code:
    testsaslauthd -r <DOMAIN> -u <USER_WITHOUT_@DOMAIN> -p '<CLEARTEXT_PASSWORD>' -f /var/spool/postfix/var/run/saslauthd/mux -s smtp
    and see what goes on in sasl (/var/log/mail.log), the pam.d (/var/log/auth.log) module and mysql (/var/log/mysql/mysql.log) database getting hit with the SELECT query.

    - Some options that are worth considering since they help a lot debugging postfix :
    Code:
    debug_peer_list=<IP_OF_PEER_TO_DEBUG>
    debug_peer_level=3
    One last thing concerning the guide, at one point the term 'apassword' is used for both the mail users themselves (when generating the encrypt/salted string) and the database user for the maildb (virtual hosts files etc.), it could become a bit confusing.
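
Added example, not part of any post in this thread: posts #478 and #479 both ask why CRAM-MD5 fails while LOGIN works. The sketch below runs both mechanisms against a server that keeps either the plaintext secret or only a one-way hash. The account, challenge and salt are constructed sample values, and salted SHA-256 is an assumed stand-in for the crypt()-style hash in the mail database.

```python
import base64
import hashlib
import hmac

def login_tokens(user, password):
    """AUTH LOGIN: the client sends base64(user), then base64(password)."""
    return [base64.b64encode(s.encode()).decode() for s in (user, password)]

def cram_md5_response(user, secret, challenge_b64):
    """CRAM-MD5 (RFC 2195) client: base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def verify_cram_md5(stored_value, challenge_b64, response_b64):
    """Server: recompute the HMAC keyed with whatever the database holds."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(stored_value.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def one_way_hash(password, salt):
    """Assumed stand-in for the database's crypt()-style hash: salted SHA-256."""
    return salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()

def verify_login(stored_hash, password_b64):
    """Server for LOGIN: decode the password, re-hash it, compare with the stored hash."""
    password = base64.b64decode(password_b64).decode()
    salt = stored_hash.split("$", 1)[0]
    return hmac.compare_digest(one_way_hash(password, salt), stored_hash)

def demo():
    # Constructed sample account and challenge (what a server sends after AUTH CRAM-MD5).
    user, password = "mats@example.org", "a-long-passphrase"
    challenge_b64 = base64.b64encode(b"<12345.67890@mail.example.org>").decode()
    stored_hash = one_way_hash(password, "Xy")
    response = cram_md5_response(user, password, challenge_b64)
    password_token = login_tokens(user, password)[1]
    return {
        # The server can only check the HMAC if it holds the same secret as the client.
        "cram_with_plaintext_in_db": verify_cram_md5(password, challenge_b64, response),
        # A one-way hash is a different key, so the recomputed HMAC never matches.
        "cram_with_hash_in_db": verify_cram_md5(stored_hash, challenge_b64, response),
        # LOGIN hands over the password itself, so a hashed store can verify it.
        "login_with_hash_in_db": verify_login(stored_hash, password_token),
        # The LOGIN token is reversible base64, which is why it must travel inside TLS.
        "login_password_on_wire": base64.b64decode(password_token).decode(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The trade-off this shows: CRAM-MD5 keeps the password off the wire but requires the server to store it in recoverable form, while LOGIN over TLS lets the database keep only hashes.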

  10. #480
    Join Date
    Nov 2013
    Beans
    2

    Re: Howto: set up a mail server in Ubuntu

    @tehownt
    Hey, could you please check if your post is related to the question I posted right above it? I am not sure if I understand what you wrote, but it seems related to me. Does it solve my problem?
